| 1 |
Dale Pontius wrote: |
| 2 |
|
| 3 |
> Peter Shaw wrote: |
| 4 |
> |
| 5 |
>> On Monday 14 November 2005 02:51, Dale Pontius wrote: |
| 6 |
>> |
| 7 |
>> |
| 8 |
>>> I decided to try running BIND on the SELinux system. I get this |
| 9 |
>>> message: |
| 10 |
>>> * Starting named ... |
| 11 |
>>> named: capset failed: Operation not permitted: please ensure that the |
| 12 |
>>> capset kernel module is loaded. see insmod(8) |
| 13 |
>>> |
| 14 |
>>> I've made sure that "commoncap" was built and loaded prior to trying to |
| 15 |
>>> start BIND. A bit |
| 16 |
>>> of google searching, and this seemed to have helped everyone else, but |
| 17 |
>>> not me. |
| 18 |
>> |
| 19 |
>> I had the same problem and googled it, and the module I found I had |
| 20 |
>> to put into /etc/modules.autoload.d/kernel-2.6 was ¨capability¨, not |
| 21 |
>> ¨commoncap¨. But perhaps you´re using a 2.4 kernel and it´s different |
| 22 |
>> - i just subscribed to the mailing list and didn´t see the original |
| 23 |
>> post. |
| 24 |
>> |
| 25 |
>> |
| 26 |
> I saw the "capability" stuff too, and thought that was the same as |
| 27 |
> "commoncap". So |
| 28 |
> now I have to ask... Where do you turn on "capability"? I did a "grep |
| 29 |
> CAP .config" |
| 30 |
> and got only 2 entries, the one that produced commoncap, and another |
| 31 |
> that was |
| 32 |
> completely unrelated. (sound, maybe?) I'm running 2.6, by the way. |
| 33 |
|
| 34 |
Never mind... Found it, and it was already built with my current |
| 35 |
configuration. I just |
| 36 |
had to modprobe it, and BIND starts. But I still don't know which kernel |
| 37 |
config switch |
| 38 |
turned it on. Oh well, my Gentoo SELinux server is now serving |
| 39 |
something, instead of |
| 40 |
just consuming electricity and teaching me. |
| 41 |
|
| 42 |
Dale |
| 43 |
-- |
| 44 |
gentoo-hardened@g.o mailing list |
Archives